Searching upgrade software vulnerabilities

Pingtel xpressa SIP-based voice-over-IP phone 1

voice-over-IP | SIP-based | Pingtel | xpressa | phone |

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.


Microsoft Windows XP Professional upgrade editi

Professional | overwrites | previously | Microsoft | installed | unpatched | Internet | Explorer | leaving | upgrade | Windows | patches | edition |

Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched.


Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 an

Cable/DSL | EtherFast | BEFSRU31 | firmware | BEFSR41 | Linksys | BEFSR11 |

Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers go gain access.


Apache 2 before 2.0.47, and certain versions of

before | Apache |

Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.


Help and Support Center in Microsoft Windows XP

Microsoft | Windows | Support | Server | Center | Help |

Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).


Multiple format string vulnerabilities in the (

vulnerabilities | Multiple | string | format |

Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.


The upgrade for BlackICE PC Protection 3.6 and

permissions | Protection | insecure | BlackICE | upgrade | earlier | files | such | sets | INI |

The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers.


D-Link DSL-504T allows remote attackers to bypa

authentication | configuration | firmwarecfg | privileges | attackers | DSL-504T | firmware | restart | restore | request | upgrade | bypass | direct | remote | D-Link | allows | router | saved | such | gain | via |

D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.


Multiple PHP file inclusion vulnerabilities in

vulnerabilities | inclusion | Multiple | MySource | file | PHP |

Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.


wan/sdla.c in Linux kernel 2.6.x before 2.6.11

wan/sdlac | before | kernel | Linux | 26x |

wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_RAWIO privilege for an SDLA firmware upgrade, with unknown impact and local attack vectors. NOTE: further investigation suggests that this issue requires root privileges to exploit, since it is protected by CAP_NET_ADMIN; thus it might not be a vulnerability, although capabilities provide finer distinctions between privilege levels.


Directory traversal vulnerability in Gallery 2.

vulnerability | traversal | Directory | Gallery |

Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.


Multiple unspecified vulnerabilities in Oracle

vulnerabilities | unspecified | Database | Multiple | Oracle |

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of Wednesday, July 19, 2006, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE.


** DISPUTED ** PHP remote file inclusion vulne

install/upgrade_301php | vulnerability | inclusion | vBulletin | DISPUTED | Jelsoft | remote | file | PHP |

** DISPUTED ** PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system."


SQL injection vulnerability in the Upgrade/Down

Upgrade/Downgrade | vulnerability | component | injection | SQL |

SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of Tuesday, April 24, 2007, Oracle has not disputed reliable claims that DB07 is actually for multiple issues.


Unspecified vulnerability in the Upgrade/Downgr

Upgrade/Downgrade | vulnerability | Unspecified | component | Database | Oracle |

Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. NOTE: as of Tuesday, April 24, 2007, Oracle has not disputed reliable claims that this is a buffer overflow involving the "mig utility."


The agent remote upgrade interface in Symantec

Enterprise | interface | Symantec | Security | upgrade | Manager | remote | agent |

The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before Thursday, April 05, 2007 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.


user.php in the Billing Control Panel in phpCou

custom=upgrade | status=success | authenticated | transactions | substrings | containing | parameter | phpCoupon | possibly | modified | REQ=auth | related | coupons | certain | acquire | Billing | Premium | Control | userphp | remote | allows | obtain | Member | PayPal | status | Panel | users | free | via | URL |

user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPal transactions.


Kaspersky Anti-Spam 3.0 MP1 before Critical Fix

Anti-Spam | Kaspersky | Critical | before | Fix | MP1 |

Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges.


Software vulnerabilities results 1 to 20 of 28     
Page: 12